This report discusses many issues of building secure systems, denial of service attack resistant systems, trust in COTS software, testing networked systems, limitations of security models, etc. It also discusses the problems of large software systems in general. John Young has a late draft in the URLs below. The final version will be available thru the National Academy of Sciences.
>X-Sender: jya@pop.pipeline.com
>Date: Tue, 22 Dec 1998 13:05:53 -0500
>To: cryptography@c2.net
>From: John Young <jya@pipeline.com>
>Subject: Trust in Cyberspace
>Mime-Version: 1.0
>Sender: owner-cryptography@c2.net
>
>We offer the National Academy of Sciences September
>1998 report, "Trust in Cyberspace," a 243-page survey
>of all security issues and technologies associated with the
>Internet and computer networks:
>
> http://jya.com/tic-intro.htm (Introduction only, 58K)
>
> http://jya.com/tic.htm (Full report, 882K)
>
> http://jya.com/tic.zip (Full report zipped, 302K)
>
>The report reviews prior studies such as the CRISIS report
>on cryptography, the PCCIP report on protecting US
>infrastructure, the DoD report on Information Warfare -
>Defense, and several others, assesses those findings
>in greater depth, looks at technology and research
>needed, and recommends what government (NSA and
>DARPA) and private industry/eduation should do to
>assure security.
>
>NSA is upbraided for its opposition to strong cryptography
>and culture of overcontrolling secrecy. NSA's R2 research
>unit is singled out as needing to find ways to compete with
>industry for the best talent so that the agency's skills and
>tools do not lag the world market.
>
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting (408)356-8506 | thing right, but did know | 16345 Englewood Ave. frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA